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AMENDMENTS TO THE CLAIMS 

Claims pending 

• At time of the Action: Claims 1 and 3-41. 

• After this Response: Claims 1, 3-11, 14-19 and 33-40. 
Canceled or Withdrawn daims: 2, 12, 13, 20-32 and 41 . 
Amended claims: 1, 33, 34 and 35. 

New claims: None, 

1 . (Currently Amended) A method for processing a permission s^ associated with a 
code assembly received from a resource location to control execution of the code assembly, 
the method comprising: 

receiving the permission set including at least one pennission associated with the 

code assembly, 

receiving a set of requestable pemiissions in association with the code assembly:-and 

generating a grantable pennission set from a subset of the pennission set specified by 
die set of requestable permissions prior to run-time execution of the code assembly; 

executing a first level of code assembly fimctionalitv if a first optional set of 
pemiissiona specified in the requestable pennission set is a subset of the permission set; and 

executing a second level of code assemblv fimctionalitv if a second optional set of 
permission specified in the requestable oennission set is a subset of the pennission set 

2. (Canceled). 
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3. (Previously Presented) The method of claim 1 wherein the generating operation 
comprises: 

computing a logical set operation on the permission set and the set of requestable 
permissions to generate the grantable permission set 

4. (Previously Presrated) The method of claim 1 further comprising: 
comparing the permission set and a minimum permission condition specified by the 

set of r^uestable pemiissions; and 

preventing loading of the code assembly, if the permission set fails to satisfy the 
minimum pemiission condition. 

5. (Previously Presented) The method of claim 1 further comprising: 
preventing execution of the code assembly, if the permission set fells to satisfy a 

minimum permission condition specified by the set of requestable permissions* 

6. (Original) The method of claim 1 fiirther comprising: 

defining a code group collection based on a security policy specification, the code 
group collection including one or more code groups; 

receiving evidence associated with the code assembly; 

evaluating membership of the code assembly in the one or more code groups, based 
on the evidence; and 
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generating the permission set based on the membership of the code assembly in the 
one or more code groups. 

7. (Previously Presented) The method of claim I wherein the set of requestable 
permissions specifies a plurality of typed pennission request sets, each typed permission 
request set specifying a distinct type of pennission preference requested in association with 
the code assembly. 

8. (Previously Presented) The method of claim 1 wherein the set of requestable 
permissions specifies a minimum permission condition in association with the code 
assembly. 

9. (Previously Presented) The method of claim 8 wherein the generating op^ution 
comprises: 

filtering the permission set based on the minimum permission condition to generate 
the grantable permission set, such that the grantable permission set inchides a subset of the 
permission set* 

10. (Previously Presented) The method of claim 8 fiirther comprising: 
preventing loading of the code assembly, if the minimum pennission condition is not 

a subset of the permission set. 
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1 1 . (Previously Presented) The method of claim 8 further comprising: 
preventing execution of the code assembly, if the minimum permission condition is 
not a subset of the permission set. 

12-13. (Canceled). 

14. (Previously Presented) The method of claim 1 wherein the set of requestable 
pennissions specifies a reflise request set specii^ng a set of one or more peraiissions to be 
omitted fiom the grantable permission set associated with the code assembly. 

15. (Previously Presaited) The method of claim 14 further comprising: 
omitting the set of one or more pennissions specified by Ae refuse request set from 

the set of grantable permissions. 

16. (Previously Presented) The method of claim 1 wherein the set of requestable 
permissions includes an optional request set specifying an optional set of permissions 
requestable in association with flie code assembly and a minimum request set specifying a 
minimum set of pemussions requestable in association with the code assembly, and wherein 
the generating operation comprises: 

computing a union of the optional request set and the minimum request set to provide 
a maximum request set; and 

computing an intersection of the maximum request set and the permission set 
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17. (Previously Presented) The method of claim 16 wherein the set of requestable 
permissions further specifies a refuse request set specifying a set of one or more permissions 
to be omitted from the grantable peraiission set in associated with the code assembly, and 
wherein the generating operation further comprises: 

subtracting the set of one or more permissions specified in the refiise request set fiom 
the intersection of the majrimum request set and the permission set. 

18. (Previously Presented>The method of claim 1 wherein the operation of receiving 
the set of requestable permissions comprises: 

receiving the set of requestable permissions and the code assembly in a single 
network communication. 

19. (Previously Prcsented> The method of claim 1 wherein the operation of receiving 
the set of requestable permissions comprise: 

retrieving the set of requestable pennissions in a network conmiunication distinct 
from a network communication in which the code assembly is received* 

20-32. (Canceled). 

33. (Currently Amended) A computer data signal embodied in a carrier wave by a 
computing system and encoding a computer program for executing a computer process 
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processing a peimission set associated with a code assembly received from a resource 
location to control execution of the code assembly, the computer process comprising: 

receiving the peimission set including at least one permission associated >vith the 
code assembly; 

receiving a set of requestable permissions in association with the code assembly;-a»4 

filtering the permission set based on the set of requestable pOTnissions before run- 
time execution of the code assembly; 

ftYecutinp a basic fimctionalitv of the code assembly if an optional set of permissions 
specified in the set of requestable permissions is not a subset of the permission set and 

executing an enhanced functionality of the code assemb ly if the optional set of 
pftimiRRmn s Specified in the set of requestable permissio ns is a subset of the 
permission set 

34, (Currently Amended) A computer program storage medium readable by a 
computer system and encoding a computer program for executing a computer process 
processing a permission set associated with a code assembly received from a resource 
location, the computer process comprising: 

receiving the permission set including at least one permission associated with the 
code assembly; 

receiving a set of requestable permissions in association with the code assembly;-«ad 
filtering the permission set based on the set of requestable permissions prior to ruur 
time execution of the code assembly; 
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executing a first level of code assembly functionali tv if a first optional set of 
permissions specified in the reouestable permission set is a subset of the permission set; and 

executing a second level of code assembly fiinctionalitv i f a second optional set of 
pennission specified in the reguestablc permission set is a subset of the pemussion set. 

35. (Currently Amended) A computer program product encoding a computer 
program for executing on a computer system a computer process processing a permission set 
associated with a code assembly received finom a resource location to control execution of the 
code assembly, the computer process comprising: 

defining a code group collection based on a security policy specification, the code 
group collection including one or more code groups; 

receiving evidence associated with the code assembly; 

evaluating membership of the code assembly in the one or more code groups, based 
on the evidence; 

generating the permission set based on the membership of the code assembly in the 
one or more code groups; 

receiving a set of requestable permissions in association with the code assembly;-md 

computing a logical set operation on the pemiission set arul the set of requestable 
permissions to generate a grantable permission set before execution of the code assembly^ 

executing a basic fimcrionalitv of the code assembly if an optional set of permissions 
specified in the set of requestable permissions is not a subset of the permission set: and 

executing an enhanced functionality of the code assembly if the opti_onal_s_e_t_of 

leeOhayes pOc 509-324^6 9 of 12 attorney DOCKETNO. MSUimUS 

RESPONSE TO OFFICE ACTION DATED 1/13/2005 APPUCATTON NO. 09/599,015 



PA(X 11/U' RCVD AT 7/15/2005 S:M:12 PM [Eastern DayOght fine]' ^^^^ 



JUL 15 2005 14:59 FR LEE - HAYES PLL 509 323 8979 TO 15712738300 



P. 12/14 



permissions specified in the set of Teauestabl e permissions is a subset of the 
permission set . 

36. (Previoixsly Presented) The computer program pmduct of claim 35 wherein the 
set of requestable pcmiissions includes an optional request set specifying an optional set of 
permissions requestable in ass o c i ation with the code assembly and a minimum request set 
specifying a minimum set of permissions requestable in association with the code assembly, 
and wherein tbe computing operation comprises: 

computing a union of die optional request set and the minimum request set to provide 
a maximum request set; and 

computing an intersection of the maximum request set and the peraiission set. 

37- (Previously Presented) The computer program of claim 36 wherein the set of 
requestable pennissions fiuther specifies a refuse request set specifying a set of one or more 
permissions to be omitted from the grantable permission set in associated with the code 
assembly, and wherein the computing operation further comprises: 

subtracting the set of one or more permissions specified in the refuse request set fit>m 
the intersection of the maximum request set and the permission set 

38. (Previously Presented) The method of claim 1, wherein the set of requestable 
permissions comprise characteristics of the permissions needed by the code assembly. 
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39. (Previously Presented) The method of claim 1, further comprising controlling 
execution of the code assembly based i^ran the grantabic permission set. 

40. (Previously Presented) The method of claim 39, wherein controlling execution of 
the code assembly comprises: 

receiving a permission request associated wiA the code assembly; and 
selectively granting the requested permission as a function of the grantable 
permission set during run-time execution of the code assembly. 

41. (Canceled). 
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